CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
24.1%
A vulnerability in the “Save As” function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation.
Thunderbird email client of Windows operating systems is related to insufficient input data validation.
Exploitation of the vulnerability may allow a remote intruder to affect
confidentiality and integrity of protected information by replacing characters in file extensions
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries during the execution of a file extension.
operation beyond the buffer boundaries in memory when processing HTML content. Exploitation of the vulnerability could
Allow an attacker acting remotely to execute arbitrary code
OffscreenCanvas interface vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the inclusion of functions in the OffscreenCanvas interface of the Mozilla Firefox and Firefox ESR browsers.
Thunderbird is related to the inclusion of features from an invalid controlled area. Exploitation
of the vulnerability could allow an attacker acting remotely to bypass security restrictions
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of hidden side channels.
the use of hidden side channels. Exploitation of the vulnerability could allow an attacker,
acting remotely, to gain unauthorized access to protected information
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to errors in security settings.
security settings. Exploitation of the vulnerability could allow an attacker acting remotely,
Bypass security restrictions and conduct a clickjacking attack
Vulnerability in Mozilla Firefox, Firefox ESR, Thunderbird browser is related to writing outside buffer boundaries.
Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.
Vulnerability in Garbage Collector component of Mozilla Firefox, Firefox ESR and Thunderbird mail client is related to buffer boundaries.
Thunderbird email client is related to memory usage after its release when processing JavaScript objects.
JavaScript objects. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code or cause a denial of service
A vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird email client is related to an incorrect
restriction of visualized layers or frames of the user interface. Exploitation of the vulnerability
could allow an attacker acting remotely to execute arbitrary code
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
24.1%